Specifications include, but are not limited to: Define the primary objectives of the vendor risk management implementation and product/service offering, including: Provide enterprise licensing and services for CNB. Implementing a third-party solution/service for vendor risk scoring, questionnaires, breach monitoring, contract compliance, and vendor data analysis. Establishing processes for identifying critical vendors. Provide Vendor Risk Score dashboard that automatically populates based upon external data sources. Provides automatic vendor security evaluation and risk scoring. Vendor Onboarding & Offboarding Assessments of Compliance Risk, Credit Risk, Operational Risk, Strategic Risk, and Transaction Risk. Vendor questionnaire management allows a manual and automatic population of the questionnaire. Evaluation of the vendor’s use of third parties to support vendor’s operations. Determining the adequacy of a vendor’s standards, policies, and procedures to ensure they address internal controls, security (physical, systems, data, equipment, etc.), privacy protections, maintenance of records, business resumption contingency planning, and systems development and Maintenance.
